
<!DOCTYPE HTML>
<html lang="" >
    <head>
        <meta charset="UTF-8">
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <title>Day05-1 · GitBook</title>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="description" content="">
        <meta name="generator" content="GitBook 3.2.2">
        
        
        
    
    <link rel="stylesheet" href="gitbook/style.css">

    
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-highlight/website.css">
                
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-search/search.css">
                
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-fontsettings/website.css">
                
            
        

    

    
        
    
        
    
        
    
        
    
        
    
        
    

        
    
    
    <meta name="HandheldFriendly" content="true"/>
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <link rel="apple-touch-icon-precomposed" sizes="152x152" href="gitbook/images/apple-touch-icon-precomposed-152.png">
    <link rel="shortcut icon" href="gitbook/images/favicon.ico" type="image/x-icon">

    
    <link rel="next" href="Day05-1.html" />
    
    
    <link rel="prev" href="Day04-2.html" />
    

    </head>
    <body>
        
<div class="book">

    <div class="book-body">
        
            <div class="body-inner">
                
                    

<div class="book-header" role="navigation">
    

    <!-- Title -->
    <h1>
        <i class="fa fa-circle-o-notch fa-spin"></i>
        <a href="." >Day05-1</a>
    </h1>
</div>




                    <div class="page-wrapper" tabindex="-1" role="main">
                        <div class="page-inner">
                            
<div id="book-search-results">
    <div class="search-noresults">
    
                                <section class="normal markdown-section">
                                
                                <h1 id="day05-iptables&#x4E60;&#x9898;">Day05-iptables&#x4E60;&#x9898;</h1>
<p>Author&#xFF1A;<code>10-MF&#x8D3E;-Py201704024</code>
Date&#xFF1A;<code>6&#x6708;16&#x65E5;</code></p>
<h3 id="&#x7B2C;&#x4E00;&#x9898;&#xFF1A;">&#x7B2C;&#x4E00;&#x9898;&#xFF1A;</h3>
<p>&#x547D;&#x4EE4;&#xFF1A;</p>
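<pre><code class="lang-shell"># Apply from a console rather than over SSH: after the flush, one mistyped
# rule followed by the catch-all DROP cuts off the remote session.
iptables -F        # flush every rule in the filter table
# --dport is only accepted together with -p tcp (or udp); without -p the
# command is rejected, so the protocol is spelled out here.
iptables -I INPUT -s 192.168.0.101 -p tcp --dport 22 -j ACCEPT
# Accepts ALL traffic from the subnet, which already includes 192.168.0.101
# on port 22; the rule above only matters if this one is narrowed.
iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Catch-all. There is no rule for loopback (-i lo) or for
# ESTABLISHED,RELATED packets, so replies to connections this host opens
# to addresses outside 192.168.0.0/24 are dropped here as well.
iptables -A INPUT -j DROP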
</code></pre>
<p>&#x7ED3;&#x679C;&#xFF1A;</p>
<pre><code class="lang-shell">Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.0.101        0.0.0.0/0           tcp dpt:22 
ACCEPT     all  --  192.168.0.0/24       0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
</code></pre>
<h3 id="&#x7B2C;&#x4E8C;&#x9898;&#xFF1A;&#x9632;&#x6B62;cc&#x653B;&#x51FB;">&#x7B2C;&#x4E8C;&#x9898;&#xFF1A;&#x9632;&#x6B62;cc&#x653B;&#x51FB;</h3>
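<pre><code class="lang-shell">vim /root/day05/drop_cc.sh

#!/bin/bash
# date:2017-06-17
# author: MF.Jia
#
# Scans the last $line entries of the nginx access log and inserts a DROP
# rule (tcp/80) for every client address that appears more than $max times.
# Every run and every decision is appended to $drop_log.
# Notes for operators:
#   - Field 1 is assumed to be the client address (nginx default log
#     format). Behind a reverse proxy or NAT that is a shared address, so
#     blocking it cuts off every client behind it.
#   - Rules inserted here are never removed by this script.

www_log=&quot;/var/log/nginx/access.log&quot;
drop_log=&quot;/var/log/nginx/drop_ip.log&quot;
line=5000
max=300
ipv4_re=&apos;^[0-9]{1,3}(\.[0-9]{1,3}){3}$&apos;

date &gt;&gt; &quot;$drop_log&quot;

# The threshold is handed to awk with -v: a $max written inside the
# single-quoted awk program would be an awk field reference, not the shell
# variable, and the comparison would not be against 300.
drop_ip=$(tail -n &quot;$line&quot; &quot;$www_log&quot; | awk -v max=&quot;$max&quot; &apos;{a[$1]++} END {for (i in a) if (a[i] &gt; max) print i}&apos;)

if [[ -n $drop_ip ]]; then
    echo &quot;[info]: cc attack found in $www_log&quot; &gt;&gt; &quot;$drop_log&quot;
    for i in $drop_ip; do
        # The value comes from a log file; only pass it to iptables when it
        # has the shape of a dotted-quad IPv4 address.
        if [[ ! $i =~ $ipv4_re ]]; then
            echo &quot;[warn]: skipping non-IPv4 log field: $i&quot; &gt;&gt; &quot;$drop_log&quot;
            continue
        fi
        # Exact match on the target and source columns of the INPUT listing.
        # A plain grep for $i treats dots as wildcards and also matches
        # longer addresses that merely contain $i (192.168.0.10 vs .102).
        if ! /sbin/iptables -nL INPUT | awk -v ip=&quot;$i&quot; &apos;$1 == &quot;DROP&quot; &amp;&amp; $4 == ip {found=1} END {exit !found}&apos;; then
            /sbin/iptables -I INPUT -s &quot;$i&quot; -p tcp --dport 80 -j DROP
            echo &quot;[drop]: /sbin/iptables -I INPUT -s $i -p tcp --dport 80 -j DROP&quot; &gt;&gt; &quot;$drop_log&quot;
        else
            echo &quot;[warn]: $i is already in drop list&quot; &gt;&gt; &quot;$drop_log&quot;
        fi
    done
else
    echo &quot;[info]: no cc attack found in $www_log&quot; &gt;&gt; &quot;$drop_log&quot;
fi

echo &quot;&quot; &gt;&gt; &quot;$drop_log&quot;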
</code></pre>
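<pre><code class="lang-shell">crontab -e
# Run the script with bash, not sh: it uses [[ ... ]], which a POSIX sh
# such as dash does not understand.
*/1 * * * * /bin/bash /root/day05/drop_cc.sh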
</code></pre>
<p>&#x65E5;&#x5FD7;&#xFF1A;</p>
<pre><code class="lang-verilog">Sat Jun <span class="hljs-number">17</span> <span class="hljs-number">17</span>:<span class="hljs-number">20</span>:<span class="hljs-number">01</span> CST <span class="hljs-number">2017</span>
[info]: no cc attack found in /var/log/nginx/access.log

Sat Jun <span class="hljs-number">17</span> <span class="hljs-number">17</span>:<span class="hljs-number">21</span>:<span class="hljs-number">01</span> CST <span class="hljs-number">2017</span>
[info]: cc attack found in /var/log/nginx/access.log
[drop]: /sbin/iptables -I INPUT -s <span class="hljs-number">192</span>.<span class="hljs-number">168</span>.<span class="hljs-number">0</span>.<span class="hljs-number">102</span> -p tcp --dport <span class="hljs-number">80</span> -j DROP

Sat Jun <span class="hljs-number">17</span> <span class="hljs-number">17</span>:<span class="hljs-number">22</span>:<span class="hljs-number">01</span> CST <span class="hljs-number">2017</span>
[info]: cc attack found in /var/log/nginx/access.log
[warn]: <span class="hljs-number">192</span>.<span class="hljs-number">168</span>.<span class="hljs-number">0</span>.<span class="hljs-number">102</span> is already in drop list

Sat Jun <span class="hljs-number">17</span> <span class="hljs-number">17</span>:<span class="hljs-number">23</span>:<span class="hljs-number">01</span> CST <span class="hljs-number">2017</span>
[info]: cc attack found in /var/log/nginx/access.log
[warn]: <span class="hljs-number">192</span>.<span class="hljs-number">168</span>.<span class="hljs-number">0</span>.<span class="hljs-number">102</span> is already in drop list
</code></pre>
<h3 id="&#x7B2C;&#x4E09;&#x9898;&#xFF1A;&#x66B4;&#x529B;&#x7834;&#x89E3;&#x9632;&#x5FA1;&#x811A;&#x672C;">&#x7B2C;&#x4E09;&#x9898;&#xFF1A;&#x66B4;&#x529B;&#x7834;&#x89E3;&#x9632;&#x5FA1;&#x811A;&#x672C;</h3>
<pre><code>#
</code></pre><h3 id="&#x7B2C;&#x56DB;&#x9898;&#xFF1A;&#x6211;&#x53EF;&#x4EE5;ping&#x522B;&#x4EBA;&#xFF0C;&#x522B;&#x4EBA;&#x4E0D;&#x80FD;ping&#x6211;">&#x7B2C;&#x56DB;&#x9898;&#xFF1A;&#x201C;&#x6211;&#x53EF;&#x4EE5;ping&#x522B;&#x4EBA;&#xFF0C;&#x522B;&#x4EBA;&#x4E0D;&#x80FD;ping&#x6211;&#x201D;</h3>
<h4 id="&#x65B9;&#x6CD5;&#x4E00;&#xFF1A;">&#x65B9;&#x6CD5;&#x4E00;&#xFF1A;</h4>
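<pre><code class="lang-shell"># ICMP type 8 is echo-request, type 0 is echo-reply. iptables covers IPv4 only.
# -A appends: if INPUT already ends in a catch-all DROP, these rules are never
# reached and have to be inserted with -I instead.
iptables -A INPUT -p icmp --icmp-type 8 -j DROP        # drop echo requests sent to this host
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT    # accept echo replies to pings sent by this host
iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT    # allow echo requests leaving this host
iptables -A OUTPUT -p icmp --icmp-type 0 -j DROP        # drop echo replies this host would send out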
</code></pre>
<h4 id="&#x65B9;&#x6CD5;&#x4E8C;&#xFF1A;">&#x65B9;&#x6CD5;&#x4E8C;&#xFF1A;</h4>
<pre><code class="lang-shell"># Drop ICMP echo requests (type 8) arriving at this host; nothing else is filtered.
iptables --append INPUT --protocol icmp --icmp-type echo-request --jump DROP
</code></pre>
<h4 id="&#x65B9;&#x6CD5;&#x4E09;&#xFF1A;">&#x65B9;&#x6CD5;&#x4E09;&#xFF1A;</h4>
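<pre><code class="lang-shell"># The built-in chain is OUTPUT. Echo requests still reach this host; only the
# echo replies (type 0) it would send back are dropped on the way out.
iptables -A OUTPUT -p icmp --icmp-type 0 -j DROP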
</code></pre>

                                
                                </section>
                            
    </div>
</div>

                        </div>
                    </div>
                
            </div>

            
                
                
            
        
    </div>

    <script>
        var gitbook = gitbook || [];
        gitbook.push(function() {
            gitbook.page.hasChanged({"page":{"title":"Day05-1","level":"1.7","depth":1,"next":{"title":"Day05-2","level":"1.8","depth":1,"path":"Day05-1.md","ref":"Day05-1.md","articles":[]},"previous":{"title":"Day04-2","level":"1.6","depth":1,"path":"Day04-2.md","ref":"Day04-2.md","articles":[]},"dir":"ltr"},"config":{"gitbook":"*","theme":"default","variables":{},"plugins":["livereload"],"pluginsConfig":{"livereload":{},"highlight":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"}},"file":{"path":"Day05-2.md","mtime":"2017-06-17T09:30:02.000Z","type":"markdown"},"gitbook":{"version":"3.2.2","time":"2017-07-01T15:45:14.694Z"},"basePath":".","book":{"language":""}});
        });
    </script>
</div>

        
    <script src="gitbook/gitbook.js"></script>
    <script src="gitbook/theme.js"></script>
    
        
        <script src="gitbook/gitbook-plugin-livereload/plugin.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-search/search-engine.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-search/search.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-lunr/lunr.min.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-lunr/search-lunr.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-sharing/buttons.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
        
    

    </body>
</html>

